@mistymntncop · Twitter ·

We suspected it before. But this seems to confirm the ITW exploit for CVE-2024-9680 was definitely inspired by CVE-2022-0609. Just look at the variable names and other choices - such as creating an Animation object via "animate" function instead of constructor

ESET Research

Detailed analysis of RomCom’s exploit, chaining the two vulnerabilities together, is available at https://welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/. IoCs available from our GitHub: https://github.com/eset/malware-ioc/tree/master/romcom 7/7